2008-02-28 02:34:43 +01:00
|
|
|
/*
|
|
|
|
* hostapd - IEEE 802.11i-2004 / WPA Authenticator: Internal definitions
|
2015-01-25 15:49:18 +01:00
|
|
|
* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
2012-02-11 15:46:35 +01:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
* See README for more details.
|
2008-02-28 02:34:43 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef WPA_AUTH_I_H
|
|
|
|
#define WPA_AUTH_I_H
|
|
|
|
|
2008-12-16 13:17:33 +01:00
|
|
|
/* max(dot11RSNAConfigGroupUpdateCount,dot11RSNAConfigPairwiseUpdateCount) */
|
2008-12-18 16:15:36 +01:00
|
|
|
#define RSNA_MAX_EAPOL_RETRIES 4
|
2008-12-16 13:17:33 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
struct wpa_group;
|
|
|
|
|
|
|
|
struct wpa_stsl_negotiation {
|
|
|
|
struct wpa_stsl_negotiation *next;
|
|
|
|
u8 initiator[ETH_ALEN];
|
|
|
|
u8 peer[ETH_ALEN];
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
struct wpa_state_machine {
|
|
|
|
struct wpa_authenticator *wpa_auth;
|
|
|
|
struct wpa_group *group;
|
|
|
|
|
|
|
|
u8 addr[ETH_ALEN];
|
2013-09-01 10:05:19 +02:00
|
|
|
u8 p2p_dev_addr[ETH_ALEN];
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
enum {
|
|
|
|
WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
|
|
|
|
WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
|
|
|
|
WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
|
|
|
|
WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
|
|
|
|
WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
|
|
|
|
} wpa_ptk_state;
|
|
|
|
|
|
|
|
enum {
|
|
|
|
WPA_PTK_GROUP_IDLE = 0,
|
|
|
|
WPA_PTK_GROUP_REKEYNEGOTIATING,
|
|
|
|
WPA_PTK_GROUP_REKEYESTABLISHED,
|
|
|
|
WPA_PTK_GROUP_KEYERROR
|
|
|
|
} wpa_ptk_group_state;
|
|
|
|
|
|
|
|
Boolean Init;
|
|
|
|
Boolean DeauthenticationRequest;
|
|
|
|
Boolean AuthenticationRequest;
|
|
|
|
Boolean ReAuthenticationRequest;
|
|
|
|
Boolean Disconnect;
|
|
|
|
int TimeoutCtr;
|
|
|
|
int GTimeoutCtr;
|
|
|
|
Boolean TimeoutEvt;
|
|
|
|
Boolean EAPOLKeyReceived;
|
|
|
|
Boolean EAPOLKeyPairwise;
|
|
|
|
Boolean EAPOLKeyRequest;
|
|
|
|
Boolean MICVerified;
|
|
|
|
Boolean GUpdateStationKeys;
|
|
|
|
u8 ANonce[WPA_NONCE_LEN];
|
|
|
|
u8 SNonce[WPA_NONCE_LEN];
|
AP: Extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
If the 4-way handshake ends up having to retransmit the EAPOL-Key
message 1/4 due to a timeout on waiting for the response, it is possible
for the Supplicant to change SNonce between the first and second
EAPOL-Key message 2/4. This is not really desirable due to extra
complexities it causes on the Authenticator side, but some deployed
stations are doing this.
This message sequence looks like this:
AP->STA: EAPOL-Key 1/4 (replay counter 1, ANonce)
AP->STA: EAPOL-Key 1/4 (replay counter 2, ANonce)
STA->AP: EAPOL-Key 2/4 (replay counter 1, SNonce 1)
AP->STA: EAPOL-Key 3/4 (replay counter 3, ANonce)
STA->AP: EAPOL-Key 2/4 (replay counter 2, SNonce 2)
followed by either:
STA->AP: EAPOL-Key 4/4 (replay counter 3 using PTK from SNonce 1)
or:
AP->STA: EAPOL-Key 3/4 (replay counter 4, ANonce)
STA->AP: EAPOL-Key 4/4 (replay counter 4, using PTK from SNonce 2)
Previously, Authenticator implementation was able to handle the cases
where SNonce 1 and SNonce 2 were identifical (i.e., Supplicant did not
update SNonce which is the wpa_supplicant behavior) and where PTK
derived using SNonce 2 was used in EAPOL-Key 4/4. However, the case of
using PTK from SNonce 1 was rejected ("WPA: received EAPOL-Key 4/4
Pairwise with unexpected replay counter" since EAPOL-Key 3/4 TX and
following second EAPOL-Key 2/4 invalidated the Replay Counter that was
used previously with the first SNonce).
This commit extends the AP/Authenticator workaround to keep both SNonce
values in memory if two EAPOL-Key 2/4 messages are received with
different SNonce values. The following EAPOL-Key 4/4 message is then
accepted whether the MIC has been calculated with the latest SNonce (the
previously existing behavior) or with the earlier SNonce (the new
extension). This makes 4-way handshake more robust with stations that
update SNonce for each transmitted EAPOL-Key 2/4 message in cases where
EAPOL-Key message 1/4 needs to be retransmitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-21 16:02:00 +01:00
|
|
|
u8 alt_SNonce[WPA_NONCE_LEN];
|
|
|
|
u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
|
2015-10-14 00:18:11 +02:00
|
|
|
u8 PMK[PMK_LEN_MAX];
|
|
|
|
unsigned int pmk_len;
|
2008-02-28 02:34:43 +01:00
|
|
|
struct wpa_ptk PTK;
|
|
|
|
Boolean PTK_valid;
|
|
|
|
Boolean pairwise_set;
|
|
|
|
int keycount;
|
|
|
|
Boolean Pair;
|
2012-01-02 21:36:11 +01:00
|
|
|
struct wpa_key_replay_counter {
|
2008-12-16 13:17:33 +01:00
|
|
|
u8 counter[WPA_REPLAY_COUNTER_LEN];
|
|
|
|
Boolean valid;
|
2012-01-02 21:36:11 +01:00
|
|
|
} key_replay[RSNA_MAX_EAPOL_RETRIES],
|
|
|
|
prev_key_replay[RSNA_MAX_EAPOL_RETRIES];
|
2008-02-28 02:34:43 +01:00
|
|
|
Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
|
|
|
|
Boolean PTKRequest; /* not in IEEE 802.11i state machine */
|
|
|
|
Boolean has_GTK;
|
2008-10-21 12:54:54 +02:00
|
|
|
Boolean PtkGroupInit; /* init request for PTK Group state machine */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
|
|
|
|
size_t last_rx_eapol_key_len;
|
|
|
|
|
|
|
|
unsigned int changed:1;
|
|
|
|
unsigned int in_step_loop:1;
|
|
|
|
unsigned int pending_deinit:1;
|
|
|
|
unsigned int started:1;
|
|
|
|
unsigned int mgmt_frame_prot:1;
|
2011-11-17 21:59:31 +01:00
|
|
|
unsigned int rx_eapol_key_secure:1;
|
2012-01-02 21:36:11 +01:00
|
|
|
unsigned int update_snonce:1;
|
AP: Extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
If the 4-way handshake ends up having to retransmit the EAPOL-Key
message 1/4 due to a timeout on waiting for the response, it is possible
for the Supplicant to change SNonce between the first and second
EAPOL-Key message 2/4. This is not really desirable due to extra
complexities it causes on the Authenticator side, but some deployed
stations are doing this.
This message sequence looks like this:
AP->STA: EAPOL-Key 1/4 (replay counter 1, ANonce)
AP->STA: EAPOL-Key 1/4 (replay counter 2, ANonce)
STA->AP: EAPOL-Key 2/4 (replay counter 1, SNonce 1)
AP->STA: EAPOL-Key 3/4 (replay counter 3, ANonce)
STA->AP: EAPOL-Key 2/4 (replay counter 2, SNonce 2)
followed by either:
STA->AP: EAPOL-Key 4/4 (replay counter 3 using PTK from SNonce 1)
or:
AP->STA: EAPOL-Key 3/4 (replay counter 4, ANonce)
STA->AP: EAPOL-Key 4/4 (replay counter 4, using PTK from SNonce 2)
Previously, Authenticator implementation was able to handle the cases
where SNonce 1 and SNonce 2 were identifical (i.e., Supplicant did not
update SNonce which is the wpa_supplicant behavior) and where PTK
derived using SNonce 2 was used in EAPOL-Key 4/4. However, the case of
using PTK from SNonce 1 was rejected ("WPA: received EAPOL-Key 4/4
Pairwise with unexpected replay counter" since EAPOL-Key 3/4 TX and
following second EAPOL-Key 2/4 invalidated the Replay Counter that was
used previously with the first SNonce).
This commit extends the AP/Authenticator workaround to keep both SNonce
values in memory if two EAPOL-Key 2/4 messages are received with
different SNonce values. The following EAPOL-Key 4/4 message is then
accepted whether the MIC has been calculated with the latest SNonce (the
previously existing behavior) or with the earlier SNonce (the new
extension). This makes 4-way handshake more robust with stations that
update SNonce for each transmitted EAPOL-Key 2/4 message in cases where
EAPOL-Key message 1/4 needs to be retransmitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-21 16:02:00 +01:00
|
|
|
unsigned int alt_snonce_valid:1;
|
2008-02-28 02:34:43 +01:00
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
unsigned int ft_completed:1;
|
|
|
|
unsigned int pmk_r1_name_valid:1;
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2012-02-26 16:25:55 +01:00
|
|
|
unsigned int is_wnmsleep:1;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
|
|
|
|
int req_replay_counter_used;
|
|
|
|
|
|
|
|
u8 *wpa_ie;
|
|
|
|
size_t wpa_ie_len;
|
|
|
|
|
|
|
|
enum {
|
|
|
|
WPA_VERSION_NO_WPA = 0 /* WPA not used */,
|
|
|
|
WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
|
|
|
|
WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
|
|
|
|
} wpa;
|
|
|
|
int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
|
|
|
|
int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
|
|
|
|
struct rsn_pmksa_cache_entry *pmksa;
|
|
|
|
|
|
|
|
u32 dot11RSNAStatsTKIPLocalMICFailures;
|
|
|
|
u32 dot11RSNAStatsTKIPRemoteMICFailures;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
|
|
|
|
size_t xxkey_len;
|
|
|
|
u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth
|
|
|
|
* Request */
|
|
|
|
u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
|
|
|
|
size_t r0kh_id_len;
|
2010-04-07 20:04:13 +02:00
|
|
|
u8 sup_pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name from EAPOL-Key
|
|
|
|
* message 2/4 */
|
2010-04-10 21:40:35 +02:00
|
|
|
u8 *assoc_resp_ftie;
|
2014-03-23 17:13:03 +01:00
|
|
|
|
|
|
|
void (*ft_pending_cb)(void *ctx, const u8 *dst, const u8 *bssid,
|
|
|
|
u16 auth_transaction, u16 status,
|
|
|
|
const u8 *ies, size_t ies_len);
|
|
|
|
void *ft_pending_cb_ctx;
|
|
|
|
struct wpabuf *ft_pending_req_ies;
|
|
|
|
u8 ft_pending_pull_nonce[FT_R0KH_R1KH_PULL_NONCE_LEN];
|
|
|
|
u8 ft_pending_auth_transaction;
|
|
|
|
u8 ft_pending_current_ap[ETH_ALEN];
|
2008-02-28 02:34:43 +01:00
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2011-03-29 16:39:12 +02:00
|
|
|
|
|
|
|
int pending_1_of_4_timeout;
|
2013-03-16 18:13:31 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
u8 ip_addr[4];
|
|
|
|
#endif /* CONFIG_P2P */
|
2008-02-28 02:34:43 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* per group key state machine data */
|
|
|
|
struct wpa_group {
|
|
|
|
struct wpa_group *next;
|
|
|
|
int vlan_id;
|
|
|
|
|
|
|
|
Boolean GInit;
|
|
|
|
int GKeyDoneStations;
|
|
|
|
Boolean GTKReKey;
|
|
|
|
int GTK_len;
|
|
|
|
int GN, GM;
|
|
|
|
Boolean GTKAuthenticator;
|
|
|
|
u8 Counter[WPA_NONCE_LEN];
|
|
|
|
|
|
|
|
enum {
|
|
|
|
WPA_GROUP_GTK_INIT = 0,
|
2013-12-24 21:38:16 +01:00
|
|
|
WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE,
|
|
|
|
WPA_GROUP_FATAL_FAILURE
|
2008-02-28 02:34:43 +01:00
|
|
|
} wpa_group_state;
|
|
|
|
|
|
|
|
u8 GMK[WPA_GMK_LEN];
|
|
|
|
u8 GTK[2][WPA_GTK_MAX_LEN];
|
|
|
|
u8 GNonce[WPA_NONCE_LEN];
|
|
|
|
Boolean changed;
|
2010-11-23 23:52:46 +01:00
|
|
|
Boolean first_sta_seen;
|
2010-11-24 12:08:03 +01:00
|
|
|
Boolean reject_4way_hs_for_entropy;
|
2008-02-28 02:34:43 +01:00
|
|
|
#ifdef CONFIG_IEEE80211W
|
2014-03-12 19:26:37 +01:00
|
|
|
u8 IGTK[2][WPA_IGTK_MAX_LEN];
|
2008-02-28 02:34:43 +01:00
|
|
|
int GN_igtk, GM_igtk;
|
|
|
|
#endif /* CONFIG_IEEE80211W */
|
2015-04-26 14:22:55 +02:00
|
|
|
/* Number of references except those in struct wpa_group->next */
|
|
|
|
unsigned int references;
|
2015-10-05 16:14:26 +02:00
|
|
|
unsigned int num_setup_iface;
|
2008-02-28 02:34:43 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
struct wpa_ft_pmk_cache;
|
|
|
|
|
|
|
|
/* per authenticator data */
|
|
|
|
struct wpa_authenticator {
|
|
|
|
struct wpa_group *group;
|
|
|
|
|
|
|
|
unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
|
|
|
|
u32 dot11RSNAAuthenticationSuiteSelected;
|
|
|
|
u32 dot11RSNAPairwiseCipherSelected;
|
|
|
|
u32 dot11RSNAGroupCipherSelected;
|
|
|
|
u8 dot11RSNAPMKIDUsed[PMKID_LEN];
|
|
|
|
u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
|
|
|
|
u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
|
|
|
|
u32 dot11RSNAGroupCipherRequested; /* FIX: update */
|
|
|
|
unsigned int dot11RSNATKIPCounterMeasuresInvoked;
|
|
|
|
unsigned int dot11RSNA4WayHandshakeFailures;
|
|
|
|
|
|
|
|
struct wpa_stsl_negotiation *stsl_negotiations;
|
|
|
|
|
|
|
|
struct wpa_auth_config conf;
|
|
|
|
struct wpa_auth_callbacks cb;
|
|
|
|
|
|
|
|
u8 *wpa_ie;
|
|
|
|
size_t wpa_ie_len;
|
|
|
|
|
|
|
|
u8 addr[ETH_ALEN];
|
|
|
|
|
|
|
|
struct rsn_pmksa_cache *pmksa;
|
|
|
|
struct wpa_ft_pmk_cache *ft_pmk_cache;
|
2013-03-16 18:13:31 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
struct bitfield *ip_pool;
|
|
|
|
#endif /* CONFIG_P2P */
|
2008-02-28 02:34:43 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
|
|
|
const u8 *pmkid);
|
|
|
|
void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
|
|
|
logger_level level, const char *txt);
|
|
|
|
void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
|
|
|
logger_level level, const char *fmt, ...);
|
|
|
|
void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
|
|
|
struct wpa_state_machine *sm, int key_info,
|
|
|
|
const u8 *key_rsc, const u8 *nonce,
|
|
|
|
const u8 *kde, size_t kde_len,
|
|
|
|
int keyidx, int encr, int force_version);
|
|
|
|
int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
|
|
|
|
int (*cb)(struct wpa_state_machine *sm, void *ctx),
|
|
|
|
void *cb_ctx);
|
2008-08-03 19:17:58 +02:00
|
|
|
int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
|
|
|
|
int (*cb)(struct wpa_authenticator *a, void *ctx),
|
|
|
|
void *cb_ctx);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_PEERKEY
|
|
|
|
int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
|
|
|
|
struct wpa_stsl_negotiation *neg);
|
|
|
|
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
|
2014-11-23 19:51:26 +01:00
|
|
|
struct wpa_state_machine *sm,
|
|
|
|
const u8 *key_data, size_t key_data_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
|
2014-11-23 19:51:26 +01:00
|
|
|
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
|
|
|
const u8 *key_data, size_t key_data_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
|
2014-11-23 19:51:26 +01:00
|
|
|
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
|
|
|
const u8 *key_data, size_t key_data_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
#endif /* CONFIG_PEERKEY */
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
|
2010-04-10 20:42:54 +02:00
|
|
|
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
|
|
|
|
size_t r0kh_id_len,
|
|
|
|
const u8 *anonce, const u8 *snonce,
|
|
|
|
u8 *buf, size_t len, const u8 *subelem,
|
|
|
|
size_t subelem_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
|
2015-01-25 15:49:18 +01:00
|
|
|
struct wpa_ptk *ptk);
|
2008-02-28 02:34:43 +01:00
|
|
|
struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
|
|
|
|
void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
|
2010-03-13 20:11:26 +01:00
|
|
|
void wpa_ft_install_ptk(struct wpa_state_machine *sm);
|
2008-02-28 02:34:43 +01:00
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
|
|
|
|
#endif /* WPA_AUTH_I_H */
|